Preparing a Strategy for Application Vulnerability Detection

Friday October 02, 2009 - 12pm ET / By Juan Calderon
logo
 

Register to webinar

 
Content
  • What are the biggest risk levels within the application portfolio?
  • Identifying Riskier Applications
  • Selecting the right testing approach
  • The Single Tool Trap
  • Verification Requirements in the App Sec Policy
  • Summary
 right_shadow
bottom_shadow

Preface

With today’s extensive use of web applications to optimize and digitize the key processes of companies, most of the sensitive information of the organization, including customer private data, corporate secrets and other information assets are subject to being exposed to the Internet.

A balanced vulnerability detection strategy is critical. Good guys have to find all the vulnerabilities, while hackers just need to find one to cause great damage.

Identifying the level of risk those applications represent for a company is a primal task for information security officers. In an ideal world, one would be able to look for security bugs in every single application in the company’s inventory to determine the company’s overall security position. However, full-blown testing would be overwhelming and too expensive. At the same time, a timid approach could leave the organization exposed to a security breach, which may lead to financial and reputation losses.

A balanced approach is the best way to adequately protect and safeguard the most important company assets first. It provides the overall picture of the company’s information assets exposure and allows the company to make the right decisions regarding where the fixing efforts should be spent. This white paper will share some key tactics that can help answer the following questions:

  • Where should application security testing start?
  • Which applications are most critical to the company?
  • What kind of testing method should be used?
  • What tool is best for the job?
  • What verification requirements should be considered for the application security policy?

There are no straight answers to these questions, as an effective approach should be tailored to the specific needs and goals of the organization and its industry.

To continue reading, please fill out the form on the upper right-hand side of the page.
 
 
© Valores Corporativos Softtek S.A. de C.V.